bludit/bl-kernel/security.class.php

148 lines
3.4 KiB
PHP
Raw Permalink Normal View History

2015-08-08 02:39:10 +02:00
<?php defined('BLUDIT') or die('Bludit CMS.');
class Security extends dbJSON
{
private $dbFields = array(
'key1'=>'Where we go we dont need roads',
2015-08-08 02:39:10 +02:00
'minutesBlocked'=>5,
2015-08-12 22:15:17 +02:00
'numberFailuresAllowed'=>10,
2015-08-18 04:02:19 +02:00
'blackList'=>array()
2015-08-08 02:39:10 +02:00
);
function __construct()
{
parent::__construct(PATH_DATABASES.'security.php');
}
// Authentication key
// --------------------------------------------------------------------
public function key1()
{
return $this->db['key1'];
}
2015-09-08 02:51:48 +02:00
// ====================================================
// TOKEN FOR CSRF
// ====================================================
// Generate and save the token in Session.
public function generateTokenCSRF()
2015-09-08 02:51:48 +02:00
{
$token = Text::randomText(8);
$token = sha1($token);
Log::set(__METHOD__.LOG_SEP.'New tokenCSRF was generated '.$token);
2015-10-20 05:14:28 +02:00
Session::set('tokenCSRF', $token);
2015-09-08 02:51:48 +02:00
}
// Validate the token.
public function validateTokenCSRF($token)
2015-09-08 02:51:48 +02:00
{
2015-10-20 05:14:28 +02:00
$sessionToken = Session::get('tokenCSRF');
2015-09-08 02:51:48 +02:00
return ( !empty($sessionToken) && ($sessionToken===$token) );
}
// Returns the token.
public function getTokenCSRF()
2015-09-08 02:51:48 +02:00
{
2015-10-20 05:14:28 +02:00
return Session::get('tokenCSRF');
2015-09-08 02:51:48 +02:00
}
public function printTokenCSRF()
2015-09-08 02:51:48 +02:00
{
2015-10-20 05:14:28 +02:00
echo Session::get('tokenCSRF');
2015-09-08 02:51:48 +02:00
}
// ====================================================
// BRUTE FORCE PROTECTION
// ====================================================
2015-08-12 22:15:17 +02:00
public function isBlocked()
{
$ip = $this->getUserIp();
if(!isset($this->db['blackList'][$ip])) {
return false;
}
$currentTime = time();
$userBlack = $this->db['blackList'][$ip];
$numberFailures = $userBlack['numberFailures'];
$lastFailure = $userBlack['lastFailure'];
2015-08-08 02:39:10 +02:00
2015-08-12 22:15:17 +02:00
// Check if the IP is expired, then is not blocked.
2015-08-18 04:02:19 +02:00
if($currentTime > $lastFailure + ($this->db['minutesBlocked']*60)) {
2015-08-12 22:15:17 +02:00
return false;
}
// The IP has more failures than number of failures, then the IP is blocked.
if($numberFailures >= $this->db['numberFailuresAllowed']) {
2015-08-18 04:02:19 +02:00
Log::set(__METHOD__.LOG_SEP.'IP Blocked:'.$ip);
2015-08-12 22:15:17 +02:00
return true;
}
// Otherwise the IP is not blocked.
return false;
}
2015-08-08 02:39:10 +02:00
public function addLoginFail()
{
$ip = $this->getUserIp();
2015-08-12 22:15:17 +02:00
$currentTime = time();
$numberFailures = 1;
2015-08-18 04:02:19 +02:00
if(isset($this->db['blackList'][$ip]))
{
$userBlack = $this->db['blackList'][$ip];
$lastFailure = $userBlack['lastFailure'];
// Check if the IP is expired, then renew the number of failures.
if($currentTime <= $lastFailure + ($this->db['minutesBlocked']*60))
{
$numberFailures = $userBlack['numberFailures'];
$numberFailures = $numberFailures + 1;
}
2015-08-12 22:15:17 +02:00
}
$this->db['blackList'][$ip] = array('lastFailure'=>$currentTime, 'numberFailures'=>$numberFailures);
2015-08-08 02:39:10 +02:00
2015-08-18 04:02:19 +02:00
Log::set(__METHOD__.LOG_SEP.'Blacklist, IP:'.$ip.', Number of failures:'.$numberFailures);
2015-08-08 02:39:10 +02:00
// Save the database
if( $this->save() === false ) {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
return false;
}
return true;
}
2015-08-18 04:18:57 +02:00
public function getNumberFailures($ip=null)
{
if(empty($ip)) {
$ip = $this->getUserIp();
}
if(isset($this->db['blackList'][$ip])) {
$userBlack = $this->db['blackList'][$ip];
return $userBlack['numberFailures'];
}
}
2015-08-08 02:39:10 +02:00
public function getUserIp()
{
// User IP
if(getenv('HTTP_X_FORWARDED_FOR'))
$ip = getenv('HTTP_X_FORWARDED_FOR');
elseif(getenv('HTTP_CLIENT_IP'))
$ip = getenv('HTTP_CLIENT_IP');
else
$ip = getenv('REMOTE_ADDR');
return $ip;
}
}